When Data Collection Goes Wrong: 10 Examples of When Identity Data Is Misused

It’s the equivalent of leaving your front door open, and a stranger walking around your house checking through your drawers, opening your mail and reading your private diary. It’s the downside of all the data that surrounds us: a lack of data privacy. Too often our personal data is vulnerable to breaches, hacking and misuse. And once in the public domain, that data can be used for criminal purposes, while having damaging consequences for the reputations of the companies that left their front door open in the first place.

How damaging? Well, just consider these real-world examples of when data privacy goes wrong.

While you watch a Samsung TV, it watches youThe recent Samsung TV incident clearly demonstrates this: The electronics giant admitted earlier this year that some smart TVs were logging users’ activity and voice commands, but argued that a clause buried in the privacy policy stated that spoken words could be “captured and transmitted to a third-party”. The subsequent media storm led Samsung to advise customers to switch the option off on their TVs.

One day they might make a film about this hackSony Pictures Entertainment was the victim of devastating cyber-attack last year that involved the release of stolen data including multiple yet-to-be-released films and personal employee information like social security numbers and salaries. To the embarrassment of celebrities and Sony Entertainment executives, details of private emails were also released—many revealing what really goes on behind the scenes in movie production.

Personal data available on eBayeBay went down in a blaze of embarrassment. Last year, the company revealed that hackers had managed to steal personal records of 233 million users, with usernames, passwords, phone numbers and physical addresses compromised. Hackers successfully stole eBay credentials and managed to gain access to sensitive data. There were further concerns that the stolen personal information could leave eBay users vulnerable to identity theft.

Anyone here order a taxi for data misuse?Taxi-hailing service Uber consciously developed a tool it calls ‘God View’ which, when used legitimately, allows tracking of all Uber customers in real time. However, Forbes reported that Uber often used this function as entertainment in parties showing the Ubers in a city and the silhouettes of waiting Uber users who had flagged cars. While a strong sales gimmick, one party attendee reported that real-time information was used and as a result individuals were identifiable.

Damage limitation at The Carphone WarehousePersonal details of up to 2.4 million Carphone Warehouse customers were accessed in a cyber-attack earlier this year. Up to 90,000 customers may also have had their encrypted credit card details accessed. To mitigate the damage to the company’s reputation and brand loyalty, the CEO of the retailer’s owner, Dixons Carphone, commented, “We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems.”

My car has a mind of its ownHackers recently took control of a new Jeep Cherokee and crashed it into a ditch, while sitting on a sofa ten miles away. They used a laptop and phone to access the vehicle’s on-board systems via the in-car wireless internet connection. The tech website Wired.com revealed that more than 470,000 vehicles of the manufacturer, Fiat Chrysler, could be at risk. They have issued a download fix.

Who ordered the Domino’s Pizza hack?Hacking group Rex Mundi held Domino’s Pizza to ransom over 600,000 Belgian and French customer records. In exchange for the personal data, which included names, addresses, emails, phone numbers and even favorite pizza toppings, Mundi demanded $40,000 from the fast-food chain. Domino’s refused to comply with the ransom and reassured customers that financial and banking information was not stolen.

Target targetedThe credit/debit card information and contact information of up to 110 million Target Stores customers were compromised. The retail giant announced that hackers had gained access to its point-of-sale (POS) payment card readers, and had collected about 70 million credit and debit card numbers. Target’s CIO and CEO soon resigned. The company recently estimated the cost of the breach at $162 million.

Students are at it tooA British teenager managed to hack into his school’s website and expose the personal details of 20,000 people, including medical information on more than 7,000 pupils. The 15-year-old unnamed pupil broke into Bay House’s private database after he obtained the password from a member of staff. The student, who has been temporarily excluded by the school, exposed the names, addresses, photographs and medical information of 7,600 past and present pupils, plus confidential details on about 13,000 adults.

PlayStation—call is HackStation?In the mother of all data breaches, 77 million Sony PlayStation Network accounts were hacked, 12 million of which had unencrypted credit card numbers. According to Sony it still has not found the source of the hack. Whoever they are gained access to full names, passwords, e-mails, home addresses, purchase history, credit card numbers, and PSN/Qriocity logins and passwords.

All of these scenarios expose perhaps the greatest challenge of our data-rich world: how to use it productively, competitively and successfully while protecting our customers’ identities, and their trust.